You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@drill.apache.org by "Arina Ielchiieva (Jira)" <ji...@apache.org> on 2020/02/27 16:41:00 UTC
[jira] [Assigned] (DRILL-7270) Fix non-https dependency urls and
add checksum checks
[ https://issues.apache.org/jira/browse/DRILL-7270?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Arina Ielchiieva reassigned DRILL-7270:
---------------------------------------
Assignee: Bohdan Kazydub
> Fix non-https dependency urls and add checksum checks
> -----------------------------------------------------
>
> Key: DRILL-7270
> URL: https://issues.apache.org/jira/browse/DRILL-7270
> Project: Apache Drill
> Issue Type: Task
> Components: Security
> Affects Versions: 1.16.0
> Reporter: Arina Ielchiieva
> Assignee: Bohdan Kazydub
> Priority: Major
> Fix For: 1.18.0
>
>
> Review any build scripts and configurations for insecure urls and make appropriate fixes to use secure urls.
> Projects like Lucene do checksum whitelists of all their build dependencies, and you may wish to consider that as a
> protection against threats beyond just MITM.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)